1 | // SPDX-License-Identifier: GPL-2.0 | |
2 | ||
3 | #include <linux/quotaops.h> | |
4 | #include <linux/uuid.h> | |
5 | ||
6 | #include "ext4.h" | |
7 | #include "xattr.h" | |
8 | #include "ext4_jbd2.h" | |
9 | ||
/*
 * Populate an ext4_filename from the result of an fscrypt name setup.
 *
 * @dst is cleared in full first, so every field not copied below (for
 * example the casefolded name used under CONFIG_UNICODE) starts out zeroed.
 *
 * The copies are shallow: @dst ends up holding the same pointers as @src,
 * including the crypto buffer. After this call @dst is the handle through
 * which that buffer is later released (see ext4_fname_free_filename()), so
 * the caller must not free it through @src as well.
 */
static void ext4_fname_from_fscrypt_name(struct ext4_filename *dst,
					 const struct fscrypt_name *src)
{
	/* Wipe the whole destination before filling in the shared fields. */
	memset(dst, 0, sizeof(*dst));

	/* Name as supplied by the caller and as stored on disk. */
	dst->disk_name = src->disk_name;
	dst->usr_fname = src->usr_fname;

	/* Buffer descriptor copied by value; the storage is now reachable via dst. */
	dst->crypto_buf = src->crypto_buf;

	/* Hash values already computed by fscrypt. */
	dst->hinfo.minor_hash = src->minor_hash;
	dst->hinfo.hash = src->hash;
}
21 | ||
/*
 * Build the ext4_filename for @iname in directory @dir.
 *
 * The name is first prepared by fscrypt_setup_filename() and the result is
 * copied into @fname. With CONFIG_UNICODE enabled, the case-insensitive form
 * is then prepared as well.
 *
 * Returns 0 on success or the error from whichever step failed.
 *
 * Cleanup contract visible here:
 *  - if fscrypt_setup_filename() fails, @fname is not written at all, so the
 *    caller must not pass it to ext4_fname_free_filename();
 *  - if the case-insensitive setup fails, @fname has already been released
 *    by this function;
 *  - on success the caller owns @fname and must release it.
 */
int ext4_fname_setup_filename(struct inode *dir, const struct qstr *iname,
			      int lookup, struct ext4_filename *fname)
{
	struct fscrypt_name crypt_name;
	int ret = fscrypt_setup_filename(dir, iname, lookup, &crypt_name);

	if (ret != 0)
		return ret;

	ext4_fname_from_fscrypt_name(fname, &crypt_name);

#if IS_ENABLED(CONFIG_UNICODE)
	ret = ext4_fname_setup_ci_filename(dir, iname, fname);
	if (ret != 0) {
		/* Undo the fscrypt setup so nothing leaks on this error path. */
		ext4_fname_free_filename(fname);
	}
#endif
	return ret;
}
41 | ||
/*
 * Lookup-time counterpart of ext4_fname_setup_filename(): prepare @fname for
 * looking up @dentry in @dir.
 *
 * fscrypt_prepare_lookup() does the fscrypt side; its result is copied into
 * @fname and, with CONFIG_UNICODE enabled, the case-insensitive form of
 * dentry->d_name is prepared too.
 *
 * Returns 0 on success or the error from the failing step. If
 * fscrypt_prepare_lookup() fails, @fname is left untouched; if the
 * case-insensitive setup fails, @fname has already been released here.
 */
int ext4_fname_prepare_lookup(struct inode *dir, struct dentry *dentry,
			      struct ext4_filename *fname)
{
	struct fscrypt_name crypt_name;
	int ret = fscrypt_prepare_lookup(dir, dentry, &crypt_name);

	if (ret != 0)
		return ret;

	ext4_fname_from_fscrypt_name(fname, &crypt_name);

#if IS_ENABLED(CONFIG_UNICODE)
	ret = ext4_fname_setup_ci_filename(dir, &dentry->d_name, fname);
	if (ret != 0) {
		/* Release what the fscrypt step allocated before reporting failure. */
		ext4_fname_free_filename(fname);
	}
#endif
	return ret;
}
61 | ||
/*
 * Release the buffers referenced by @fname and clear the pointers.
 *
 * The crypto buffer is handed back to fscrypt through a temporary
 * fscrypt_name in which only crypto_buf is set; the other fields of that
 * temporary are deliberately left uninitialised, exactly as before.
 *
 * Every pointer is reset to NULL afterwards, so stale references cannot be
 * dereferenced or freed a second time through @fname. usr_fname and
 * disk_name.name are only cleared here, not freed.
 */
void ext4_fname_free_filename(struct ext4_filename *fname)
{
	struct fscrypt_name scratch;

	scratch.crypto_buf = fname->crypto_buf;
	fscrypt_free_filename(&scratch);

	/* Drop every reference that may now be dangling. */
	fname->disk_name.name = NULL;
	fname->usr_fname = NULL;
	fname->crypto_buf.name = NULL;

#if IS_ENABLED(CONFIG_UNICODE)
	/* The casefolded copy is freed directly with kfree(). */
	kfree(fname->cf_name.name);
	fname->cf_name.name = NULL;
#endif
}
78 | ||
/*
 * Return true when all 16 bytes at @u are zero, false as soon as a non-zero
 * byte is found.
 *
 * The scan returns early, so it is not constant-time. In this file it is
 * only used to test whether the password salt has been initialised yet.
 */
static bool uuid_is_zero(__u8 u[16])
{
	const __u8 *cur = u;
	const __u8 *end = u + 16;

	while (cur < end) {
		if (*cur != 0)
			return false;
		cur++;
	}
	return true;
}
88 | ||
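/*
 * Copy the filesystem-wide encryption password salt to user space, creating
 * it first if the superblock still holds an all-zero salt.
 *
 * @filp: open file on the filesystem being queried
 * @arg:  user buffer that receives the 16-byte salt
 *
 * Returns 0 on success, -EOPNOTSUPP if the encrypt feature is off, -EFAULT
 * if the user buffer cannot be written, or the error from taking write
 * access or from the journal.
 *
 * The only gates in this function are the feature check and
 * mnt_want_write_file(); any further access control is up to the caller.
 *
 * The salt comes from generate_random_uuid(), which emits an RFC 4122
 * version-4 UUID, so a few of the 128 bits are fixed rather than random.
 */
int ext4_ioctl_get_encryption_pwsalt(struct file *filp, void __user *arg)
{
	struct super_block *sb = file_inode(filp)->i_sb;
	struct ext4_sb_info *sbi = EXT4_SB(sb);
	int err, err2;
	handle_t *handle;

	if (!ext4_has_feature_encrypt(sb))
		return -EOPNOTSUPP;

	/* Unlocked fast-path check; it is repeated under the buffer lock below. */
	if (uuid_is_zero(sbi->s_es->s_encrypt_pw_salt)) {
		err = mnt_want_write_file(filp);
		if (err)
			return err;
		handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1);
		if (IS_ERR(handle)) {
			err = PTR_ERR(handle);
			goto pwsalt_err_exit;
		}
		err = ext4_journal_get_write_access(handle, sb, sbi->s_sbh,
						    EXT4_JTR_NONE);
		if (err)
			goto pwsalt_err_journal;
		lock_buffer(sbi->s_sbh);
		/*
		 * Nothing in this function serialises callers before this
		 * point. Without this second check, two callers that both saw
		 * a zero salt would each generate one, and the later write
		 * would replace a salt the earlier caller may already have
		 * handed to user space.
		 */
		if (uuid_is_zero(sbi->s_es->s_encrypt_pw_salt)) {
			generate_random_uuid(sbi->s_es->s_encrypt_pw_salt);
			ext4_superblock_csum_set(sb);
		}
		unlock_buffer(sbi->s_sbh);
		err = ext4_handle_dirty_metadata(handle, NULL, sbi->s_sbh);
pwsalt_err_journal:
		/* Keep the first error; a stop failure is reported only otherwise. */
		err2 = ext4_journal_stop(handle);
		if (err2 && !err)
			err = err2;
pwsalt_err_exit:
		mnt_drop_write_file(filp);
		if (err)
			return err;
	}

	/*
	 * NOTE(review): this read, like the fast-path check above, is done
	 * without the buffer lock, so in principle it can overlap with another
	 * caller's generate_random_uuid(). Snapshotting the salt into a local
	 * buffer under lock_buffer() would close that window - confirm whether
	 * the extra locking is acceptable before changing it.
	 */
	if (copy_to_user(arg, sbi->s_es->s_encrypt_pw_salt, 16))
		return -EFAULT;
	return 0;
}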
131 | ||
/*
 * fscrypt ->get_context hook: read the inode's encryption context xattr into
 * @ctx, a buffer of @len bytes.
 *
 * The return value is passed through unchanged from ext4_xattr_get().
 */
static int ext4_get_context(struct inode *inode, void *ctx, size_t len)
{
	int ret;

	ret = ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION,
			     EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, ctx, len);
	return ret;
}
137 | ||
/*
 * fscrypt ->set_context hook: store the encryption context @ctx (@len bytes)
 * in the inode's encryption xattr and mark the inode as encrypted.
 *
 * @fs_data is an optional journal handle:
 *  - non-NULL: the context is being inherited by a new inode as part of the
 *    larger transaction that creates it; the xattr is written under that
 *    handle and no transaction is started or stopped here;
 *  - NULL: the context is being set on an existing inode in its own
 *    transaction, and only this case uses the "retry on ENOSPC" logic.
 *
 * Returns 0 on success or a negative errno. Requests are refused with -EPERM
 * for the root directory, -EINVAL for a non-empty DAX inode (also warned
 * once) and -EOPNOTSUPP for an inode carrying the EXT4_INODE_DAX flag.
 */
static int ext4_set_context(struct inode *inode, const void *ctx, size_t len,
			    void *fs_data)
{
	handle_t *handle = fs_data;
	int err, stop_err, credits, retries = 0;

	/*
	 * Encrypting the root directory is not allowed because e2fsck expects
	 * lost+found to exist and be unencrypted, and encrypting the root
	 * directory would imply encrypting the lost+found directory as well as
	 * the filename "lost+found" itself.
	 */
	if (inode->i_ino == EXT4_ROOT_INO)
		return -EPERM;

	if (WARN_ON_ONCE(IS_DAX(inode) && i_size_read(inode)))
		return -EINVAL;

	if (ext4_test_inode_flag(inode, EXT4_INODE_DAX))
		return -EOPNOTSUPP;

	err = ext4_convert_inline_data(inode);
	if (err)
		return err;

	if (handle) {
		/* Inheritance path: reuse the caller's transaction. */
		err = ext4_xattr_set_handle(handle, inode,
					    EXT4_XATTR_INDEX_ENCRYPTION,
					    EXT4_XATTR_NAME_ENCRYPTION_CONTEXT,
					    ctx, len, 0);
		if (err)
			return err;

		ext4_set_inode_flag(inode, EXT4_INODE_ENCRYPT);
		ext4_clear_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA);
		/*
		 * Update inode->i_flags - S_ENCRYPTED will be enabled,
		 * S_DAX may be disabled
		 */
		ext4_set_inode_flags(inode, false);
		/*
		 * The inode is not marked dirty on this path; presumably the
		 * enclosing create transaction takes care of that.
		 */
		return 0;
	}

	err = dquot_initialize(inode);
	if (err)
		return err;

	/* Standalone path: own transaction, repeated while ENOSPC is retryable. */
	do {
		err = ext4_xattr_set_credits(inode, len, false /* is_create */,
					     &credits);
		if (err)
			return err;

		handle = ext4_journal_start(inode, EXT4_HT_MISC, credits);
		if (IS_ERR(handle))
			return PTR_ERR(handle);

		err = ext4_xattr_set_handle(handle, inode,
					    EXT4_XATTR_INDEX_ENCRYPTION,
					    EXT4_XATTR_NAME_ENCRYPTION_CONTEXT,
					    ctx, len, 0);
		if (!err) {
			ext4_set_inode_flag(inode, EXT4_INODE_ENCRYPT);
			/*
			 * Update inode->i_flags - S_ENCRYPTED will be enabled,
			 * S_DAX may be disabled
			 */
			ext4_set_inode_flags(inode, false);
			err = ext4_mark_inode_dirty(handle, inode);
			if (err)
				EXT4_ERROR_INODE(inode, "Failed to mark inode dirty");
		}
		stop_err = ext4_journal_stop(handle);
	} while (err == -ENOSPC &&
		 ext4_should_retry_alloc(inode->i_sb, &retries));

	/* The xattr/dirty error wins; a journal-stop failure is reported otherwise. */
	return err ? err : stop_err;
}
224 | ||
/*
 * fscrypt ->get_dummy_policy hook: return the policy pointer stored in the
 * superblock info's s_dummy_enc_policy.
 *
 * Presumably NULL when no dummy (test-only) policy is configured for the
 * mount - confirm against where s_dummy_enc_policy is set.
 */
static const union fscrypt_policy *ext4_get_dummy_policy(struct super_block *sb)
{
	struct ext4_sb_info *sbi = EXT4_SB(sb);

	return sbi->s_dummy_enc_policy.policy;
}
229 | ||
/*
 * fscrypt ->has_stable_inodes hook: report whether the filesystem has the
 * stable_inodes feature flag set.
 */
static bool ext4_has_stable_inodes(struct super_block *sb)
{
	bool stable = ext4_has_feature_stable_inodes(sb);

	return stable;
}
234 | ||
/*
 * fscrypt ->get_ino_and_lblk_bits hook: report the bit widths of inode
 * numbers and logical block numbers.
 *
 * Both values are derived from type sizes, 8 bits per byte: the width of the
 * superblock's s_inodes_count field and the width of ext4_lblk_t. @sb is used
 * only inside sizeof, so it is not dereferenced at run time.
 */
static void ext4_get_ino_and_lblk_bits(struct super_block *sb,
				       int *ino_bits_ret, int *lblk_bits_ret)
{
	*lblk_bits_ret = 8 * sizeof(ext4_lblk_t);
	*ino_bits_ret = 8 * sizeof(EXT4_SB(sb)->s_es->s_inodes_count);
}
241 | ||
/*
 * ext4's fscrypt operations table: the callbacks fscrypt uses to read and
 * write encryption contexts and to query filesystem properties.
 */
const struct fscrypt_operations ext4_cryptops = {
	/* Key description prefix for legacy keys. */
	.legacy_key_prefix	= "ext4:",

	/* Encryption context storage (kept in an xattr). */
	.set_context		= ext4_set_context,
	.get_context		= ext4_get_context,

	/* Policy and directory queries. */
	.empty_dir		= ext4_empty_dir,
	.get_dummy_policy	= ext4_get_dummy_policy,

	/* Filesystem geometry and stability queries. */
	.get_ino_and_lblk_bits	= ext4_get_ino_and_lblk_bits,
	.has_stable_inodes	= ext4_has_stable_inodes,
};